Data Loss and Exfiltration Methods
Major network attacks are now conducted by sophisticated, well-funded teams that can evade corporate security measures and steal millions of records from all types of organizations all over the world. Traditional security measures are good at identifying suspect traffic that is coming inbound, but many organizations lack the visibility into traffic that is leaving their internal networks. This outbound traffic, if being controlled by malicious actors with a foothold inside the corporate network, often includes company trade secrets, customer data, or other proprietary information that should not be seen by anyone outside of the organization. Having this type of traffic leave the corporation, unbeknownst to those who are responsible for it, places the organization at significant risk for compromised intellectual property, loss of sensitive customer and financial data, and high costs from disrupted operations and remediation efforts.
Several types of data are particularly attractive to the miscreants of the cyber (under) world:
Intellectual property (IP): This consists of any type of data or documentation that is the property of an organization and has been created or produced by employees of the organization. IP often refers to the designs, drawings, and documents that support the development, sale, and support of an organization’s products.
Personally identifiable information (PII): This is the type of information that has, unfortunately, been talked about in the press all too often lately when we hear about data breaches. This information includes names, dates of birth, addresses, and Social Security numbers (SSN).
Credit/debit cards: In addition to PII, which is often stolen/compromised during data breaches, credit and debit card information (the information contained on the magnetic stripe or within the embedded chip in chip and pin cards) is extremely desired by the malicious actors.
It is paramount for every organization, no matter what size, vertical or not, or whether they are publicly or privately held, to make every effort to protect their data assets. This involves a combination of clearly communicated and effective security policies, employee education, and the technologies to help ensure that the security policies put in place can be enforced.